Profile Applicability:
• Level 1
Description:
The MaxStartups option in the SSH daemon (sshd) configuration limits the number of concurrent unauthenticated connections sshd will hold open. Connections beyond the limit are dropped until an existing connection authenticates or its LoginGraceTime expires, so a flood of half-open connection attempts cannot consume every pre-authentication slot. The value is either a single number (a hard ceiling) or three colon-separated values start:rate:full: once start unauthenticated connections exist, sshd refuses new attempts with probability rate%, and that probability rises linearly to 100% when the count reaches full.
Rationale:
Limiting unauthenticated connections reduces the risk of resource exhaustion and helps maintain system availability during attack scenarios.
Impact:
Pros:
Protects against DoS attacks targeting SSH service.
Ensures system resources are not overwhelmed by excessive connection attempts.
Cons:
Setting the value too low causes legitimate connections to be refused (not merely delayed) during bursts, for example when an automation or deployment system opens many sessions at once. The limit is global rather than per source address, so an attacker who reaches it also locks out legitimate users; treat MaxStartups as a safety valve and combine it with connection rate limiting at the firewall rather than relying on it alone.
Default Value:
The compiled-in default is 10:30:100: random early drop starts once 10 unauthenticated connections exist, with a 30% refusal probability, and all new connections are refused when the count reaches 100.
Pre-requisites:
Root or sudo privileges to modify SSH daemon configuration.
Remediation:
Test Plan:
Using Linux command line:
Check the current MaxStartups setting in /etc/ssh/sshd_config:
grep ^MaxStartups /etc/ssh/sshd_config
Review the configured start threshold, initial drop rate and hard ceiling. No output means the compiled-in default (10:30:100) applies, unless the directive is set in a file pulled in by an Include directive; the effective value that sshd actually uses is the one reported by sshd -T, which resolves both defaults and Include files.
Implementation Plan:
Using Linux command line:
Edit /etc/ssh/sshd_config:
vi /etc/ssh/sshd_config
Add or update the MaxStartups directive with the recommended start:rate:full values, for example:
MaxStartups 10:30:60
Save the file, validate the configuration with sshd -t (a syntax error would otherwise prevent sshd from starting and lock out remote access), then restart sshd. The service unit is sshd on RHEL-family systems and ssh on Debian and Ubuntu:
systemctl restart sshd
Verify the setting:
grep ^MaxStartups /etc/ssh/sshd_config
Backout Plan:
Using Linux command line:
Restore the previous MaxStartups line (or remove the directive to return to the compiled-in default 10:30:100).
Validate the configuration, restart sshd and confirm that an SSH login still succeeds.
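The Test Plan and Implementation Plan above can be turned into a repeatable audit. The following shell helper is an added example and is not part of the benchmark text: it extracts the effective MaxStartups value from sshd -T style output and grades it against the recommended 10:30:60, covering the single-value form as well as specs sshd rejects outright (two fields, non-numeric parts, start greater than full, rate outside 1..100). Because sshd -T needs root and a readable host key set, a constructed sample of its output is embedded so the script runs offline; the function names parse_maxstartups, check_maxstartups, report and demo are this example's own.

```shell
#!/bin/sh
# Added audit helper for the MaxStartups check (not part of the benchmark
# text). Reads `sshd -T` style output, extracts the effective MaxStartups
# value, and grades it against the recommended 10:30:60. The sample
# `sshd -T` output in demo() is constructed for offline demonstration.

# True if $1 is a non-empty string of decimal digits.
is_uint() {
    case "$1" in
        '' | *[!0-9]*) return 1 ;;
    esac
}

# Read `sshd -T` output on stdin and print the effective MaxStartups value.
# `sshd -T` prints every keyword in lowercase with its effective value, so
# the line is always present there; the compiled-in default 10:30:100 is
# printed only as a fallback for input that lacks it (e.g. a raw
# sshd_config that never sets the directive).
parse_maxstartups() {
    value=$(awk 'tolower($1) == "maxstartups" { print $2; exit }')
    if [ -n "$value" ]; then
        printf '%s\n' "$value"
    else
        printf '10:30:100\n'
    fi
}

# Return 0 if the MaxStartups spec in $1 is valid for sshd and at least as
# strict as the recommended 10:30:60:
#   - random drops begin at no more than 10 unauthenticated connections
#   - the initial refusal probability is at least 30 percent
#   - the hard ceiling is no more than 60
# A bare number N is the single-value form: sshd refuses everything beyond
# N unauthenticated connections, equivalent to N:100:N for this purpose.
# Anything else (two fields, non-numeric parts, start > full, rate outside
# 1..100) is not a spec sshd accepts and is graded as non-compliant.
check_maxstartups() {
    case "$1" in
        *:*:*)
            start=${1%%:*}
            rest=${1#*:}
            rate=${rest%%:*}
            full=${rest#*:}
            ;;
        *:*)
            return 1
            ;;
        *)
            start=$1
            rate=100
            full=$1
            ;;
    esac
    is_uint "$start" && is_uint "$rate" && is_uint "$full" || return 1
    [ "$start" -le "$full" ] && [ "$rate" -ge 1 ] && [ "$rate" -le 100 ] || return 1
    [ "$start" -le 10 ] && [ "$rate" -ge 30 ] && [ "$full" -le 60 ]
}

# Grade one MaxStartups spec and print a one-line verdict.
report() {
    if check_maxstartups "$1"; then
        printf 'PASS MaxStartups %s\n' "$1"
    else
        printf 'FAIL MaxStartups %s (recommended 10:30:60)\n' "$1"
    fi
}

# Offline demonstration against constructed `sshd -T` output. On a real
# host replace the printf with:  sshd -T | parse_maxstartups
demo() {
    printf 'port 22\nlogingracetime 120\nmaxstartups 10:30:100\n' \
        | parse_maxstartups | while read -r spec; do report "$spec"; done
    report 10:30:60
    report 20:30:60
}

demo
```

On a live host, run it as root with the output of sshd -T rather than a grep of /etc/ssh/sshd_config: sshd -T reports the value sshd actually uses after resolving compiled-in defaults and Include directives, which is what the audit must grade. The compliance thresholds in check_maxstartups encode the 10:30:60 recommendation from the Implementation Plan; a site that standardises on a different spec only needs to change those three comparisons.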
References: